Anmol Bakshi

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted device. Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.

This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead to unauthorized access to the targeted device.

**Nome do Software Vulnerável e Versões Afetadas** Modelos GX Earth 2022 ONT **Description** Um problema existe devido a uma chave privada RSA codificada no firmware do dispositivo. Um invasor remoto poderia extrair esta chave privada criptográfica para descriptografar o tráfego HTTPS e realizar ataques de Man-in-the-Middle (MITM), que envolvem um invasor retransmitindo secretamente e possivelmente alterando as comunicações entre duas partes que acreditam estar se comunicando diretamente. **Recommendations** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.